diff options
author | Roi Dayan <roid@mellanox.com> | 2014-02-04 16:54:54 +0200 |
---|---|---|
committer | Roland Dreier <roland@purestorage.com> | 2014-02-14 09:48:03 -0800 |
commit | 7d9eacf9457efc6b614665e1095336c11ad83f0d (patch) | |
tree | 0992c780cf2480cb3999f0b249be37161e849f91 /drivers | |
parent | 38dbfb59d1175ef458d006556061adeaa8751b72 (diff) | |
download | kernel-common-7d9eacf9457efc6b614665e1095336c11ad83f0d.tar.gz kernel-common-7d9eacf9457efc6b614665e1095336c11ad83f0d.tar.bz2 kernel-common-7d9eacf9457efc6b614665e1095336c11ad83f0d.zip |
IB/iser: Avoid dereferencing iscsi_iser conn object when not bound to iser connection
Fix a possible NULL pointer dereference in disconnection flow. This
can happen if the target disconnected/rejected the connection request,
e.g before the binding stage between iscsi connection to the transport
connection.
Signed-off-by: Alex Tabachnik <alext@mellanox.com>
Signed-off-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/infiniband/ulp/iser/iser_verbs.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c index afe95674008b..ca37edef2791 100644 --- a/drivers/infiniband/ulp/iser/iser_verbs.c +++ b/drivers/infiniband/ulp/iser/iser_verbs.c @@ -652,9 +652,13 @@ static int iser_disconnected_handler(struct rdma_cm_id *cma_id) /* getting here when the state is UP means that the conn is being * * terminated asynchronously from the iSCSI layer's perspective. */ if (iser_conn_state_comp_exch(ib_conn, ISER_CONN_UP, - ISER_CONN_TERMINATING)) - iscsi_conn_failure(ib_conn->iser_conn->iscsi_conn, - ISCSI_ERR_CONN_FAILED); + ISER_CONN_TERMINATING)){ + if (ib_conn->iser_conn) + iscsi_conn_failure(ib_conn->iser_conn->iscsi_conn, + ISCSI_ERR_CONN_FAILED); + else + iser_err("iscsi_iser connection isn't bound\n"); + } /* Complete the termination process if no posts are pending */ if (ib_conn->post_recv_buf_count == 0 && |